[dnssec-deployment] meeting announcement: 18 June 2008

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Tue Jun 10 11:35:54 EDT 2008


On Tue, Jun 10, 2008 at 02:58:33PM +0000, Paul Vixie wrote:
> > >> Within the .SE community we haven't seen any resolver operator that wants
> > >> to use DLV for retrieving trust anchors.
> > >
> > > how would you know?
> > 
> > We asked them.
> 
> i apologize for my question.  i didn't fully realize that you only care about
> resolver operators "within the .SE community".

	even though that is exactly what he said.  what might be infered, and
	would be wrong, is that the .SE community is somehow bounded by geography.

> > >> They would much rather see support for RFC5011 in resolver code and for
> > >> the .SE zone in order to roll keys automatically on the resolver side.
> > >
> > > is there a downside to doing both?
> > 
> > Not really, but we can't see the demand for DLV that would motivate us to
> > put our keys in that kind of repository.
> 
> if the cost is known to be low, and the benefit is not known, then i wonder
> what keeps you from trying the experiment?


	the harm or the cost for backout is unknown as well.
	without real, demonstrable value add, most business people
	will not try an experiment "just because"...

	little or no entry cost is often a cover for very expensive
	long term support costs... e.g.  free handphones+expensive 
	contracts,  free inkject printers+ink @ 738.00USD gallon.

	being shy of low entry cost w/ unknown aftereffects seems
	prudent as a business choice.

--bill



More information about the Dnssec-deployment mailing list